Millions of people (unfortunately, not an exaggeration) are wondering what many Corporette® readers are also wondering: how to protect their credit after the Equifax data breach. On September 7, Equifax revealed that hackers may have exposed Social Security numbers, credit card numbers, birthdates, addresses, driver’s license numbers, website security questions/answers, etc., for up to 143 million people — a “breath-taking amount of highly sensitive data [handed] over to criminals,” as Ars Technica put it. We’ve seen some contradictory information online — and the sheer amount of advice out there is overwhelming — so we thought we’d round up some expert advice in a post. Readers, what steps have you taken to protect your credit after the breach? Have you used any services or had any success in freezing your credit? If you’ve written to government officials about changing the laws, share your script!
Here are the latest recommendations for how to protect your credit:
1. Visit www.equifaxsecurity2017.com to check if you’re at risk. Since announcing the site, Equifax has clarified that checking your status (and enrolling in TrustedID Premier, its free credit file monitoring and identity theft protection service), “does not waive any rights to take legal action.” So, after clicking on “Potential Impact,” enter your last name and the last six digits of your SSN. From there, you’ll get information on enrolling, including the date you can register. (You must do so by November 21). You won’t need to enter your credit card number, so you don’t have to worry about automatically being charged for the following year’s fee once the free year is up.
Note: Checking your status may not be as useful as it seems. ZDNet and Krebs on Security, among other outlets, have reported that people have entered fake information and still gotten an answer, while others have received different answers on various tries, or on a smartphone vs. a computer. I also felt nervous entering six (not just four) digits of my SSN on Equifax’s site, but my SSN is probably already out there, so there’s that.
That said, in case you’re interested in Equifax’s TrustedID service, here’s what it does:
- Gives you copies of your Equifax credit report.
- Provides monitoring of your Equifax, Experian, and TransUnion credit reports.
- Allows you to lock lenders’ access to your Equifax credit report. (When you want to apply for new credit, it may take 24–48 hours for Equifax to unlock it.)
- Scans the internet for your Social Security number.
- Provides identity theft insurance.
Of course, you might stop to consider whether you feel comfortable trusting Equifax with these responsibilities, considering the massive breach that took place on their watch…
2. Freeze your credit through the three credit reporting bureaus. (The New York Times also suggested freezing your credit with Innovis.) A credit freeze doesn’t stop someone from charging anything to your existing accounts, but it does make it more difficult for anyone to use your name to open new accounts. Freezing your credit prevents third parties from accessing your credit file (unless it’s a company you already do business with, such as your mortgage lender) until you remove the freeze, either temporarily or permanently. Yesterday, Equifax announced that for 30 days it will waive its fees to freeze credit files — but only after many people complained. For information on how you may be charged for a credit freeze (outside of this specific situation), check this updated chart of state credit-freeze laws. (It usually costs $5–$10.)
3. If you don’t want to freeze your credit (even though identity-theft experts recommend doing so), place a fraud alert on your credit files. Creditors will be notified that you are a potential victim of identity theft and will take care to verify your identity by contacting you directly before they open a loan or establish other credit in your name. A fraud alert lasts 90 days, but you can extend it. In an article at Bankrate, Robert Siciliano, CEO of IDTheftSecurity.com, said, “Everyone should assume their information has been compromised,” either through this data breach or those that have affected other companies — so at the very least, you should request these alerts.
4. Keep an eye on your credit report, bank accounts, and credit card, as well as email and snail mail. Remember, you can access your credit report for free every 12 months from Equifax, Experian, and TransUnion by visiting www.annualcreditreport.com. (You should get your credit reports from this site only — not from one of its imitators — and make sure to type in the URL in your browser rather than click a link from another site or an email. To be extra careful, that’s a smart thing to do for any financial site.) Some credit cards offer quick, free access to your FICO score, so check if yours is one of them. Another strategy: Even before the Equifax breach, I set up text alerts for one of my credit cards — every time my card is used to pay for something when I’m not there in person, I get a notification. Also, don’t wait until April 18, 2018, to file your 2017 taxes — do so as soon as you receive the documents and information you need. That way, you can get ahead of any potential scammers who plan to use your SSN to get a refund.
5. Do your research before signing up for a non-Equifax credit monitoring or identify monitoring service. (Of course, unlike with TrustedID, you’ll have to pay.) This may be a subject for a separate post, so for now, here’s some info from other sites: The Simple Dollar reviewed what it says are the best three services, IdentityForce, LifeLock, and ID Watchdog, while some in the know have said this kind of protection isn’t really worth the money, considering the free monitoring you can do on your own (see: The Motley Fool, Time, Wired).
Have you been wondering how to protect your credit after the Equifax data breach? Have you checked whether your personal information may have been compromised, and have you decided whether or not to freeze your credit and/or enroll in Equifax’s free service? Have you been a victim of identity theft in the past? What were the consequences, and how did you handle it?
- CNN has fact-checked six common rumors about the security breach.
- Los Angeles Times reporter Michael Hiltzik wrote a column called, “Here are all the ways the Equifax data breach is worse than you can imagine,” that points out some aspects of the breach you might not know about. (Ignore the outdated portion that says those who enroll in TrustedID won’t be able to sue.)
- A very thorough NYT column by Ron Lieber offers a lot of valuable information and includes questions he’s asked Equifax that have yet to be answered.